package com.aaa.web.shiro;

import com.aaa.entity.BackRole;
import com.aaa.entity.Permission;
import com.aaa.entity.Per;
import com.aaa.entity.Employee;
import com.aaa.util.EmpUtil;
import com.aaa.web.service.iwebloginservice.IWebLoginService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.List;

/**
 * @Author: yyh
 * @Date: 2018/12/12 0012 21:39
 * @Version 1.0
 */
//实现AuthorizingRealm接口用户用户认证
public class MyShiroRealm extends AuthorizingRealm {
    //用于用户查询
    @Autowired
    private IWebLoginService loginService;

    //角色权限和对应权限添加
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        //获取登录用户名
        String telephone= (String) principalCollection.getPrimaryPrincipal();
        //查询用户名称
        Employee emp = loginService.getEmployeeById(telephone);
        //添加角色和权限
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        if(emp.getAdmin()==1){
            String[] permission = loginService.selectAll();
            for (int i = 0; i < permission.length; i++) {
                simpleAuthorizationInfo.addStringPermission(permission[i]);
            }
            return simpleAuthorizationInfo;
        }
        simpleAuthorizationInfo.addRole("role");
        String[] permission = loginService.selectShiro(emp.getEmployeeid());
        for (int i = 0; i < permission.length; i++) {
            simpleAuthorizationInfo.addStringPermission(permission[i]);
        }
        return simpleAuthorizationInfo;
    }

    //用户认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        //加这一步的目的是在Post请求的时候会先进认证，然后在到请求
        if (authenticationToken.getPrincipal() == null) {
            return null;
        }
        //获取用户信息
        SecurityUtils.getSubject().isPermitted();
        String telephone= authenticationToken.getPrincipal().toString();
        Employee emp = loginService.getEmployeeById(telephone);
        EmpUtil.setEmp(emp);
        if (emp == null) {
            //这里返回后会报出对应异常
            return null;
        } else {
            //这里验证authenticationToken和simpleAuthenticationInfo的信息
            //第二个参数是数据库中的密文
            //第三个参数是数据库中的盐值
            //返回的是当前会话中保存的名字，前端传入的
            SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(telephone, emp.getPassword(),ByteSource.Util.bytes(emp.getTelephone()), getName());
            return simpleAuthenticationInfo;
        }

    }

}